<?php

namespace App\Http\Middleware;
use Validator;
use Closure;
use Cookie;
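class AuthCheck
{
    /**
     * Gate a request on the session user's token and, for POST, on the admin flag.
     *
     * The request passes when the "token" cookie equals the token stored on the
     * session user. POST requests additionally require the session user's
     * "root" field to equal 1. Rejections are returned as a response body
     * carrying "msg" and "code" (701 = not logged in, 403 = not an admin).
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        // The Referer header is chosen by the client, so on its own it must
        // never grant access: any caller could send one containing
        // "localhost:8080" and skip authentication entirely. The shortcut is
        // kept for front-end development only and is tied to the application
        // environment, which the client cannot influence.
        $referer = $request->header('referer');
        if (app()->environment('local')
            && is_string($referer)
            && stripos($referer, 'localhost:8080') !== false
        ) {
            return $next($request);
        }

        // isset() is safe when there is no session user at all; reading the
        // offset directly would raise an error instead of returning the
        // "please log in again" response.
        $user = session('user');
        $sessionToken = isset($user['token']) ? $user['token'] : null;
        $cookieToken = Cookie::get('token');

        // hash_equals() compares the two secrets in constant time. It needs two
        // strings, which also rejects a missing or array-valued cookie.
        $authenticated = is_string($sessionToken)
            && $sessionToken
            && is_string($cookieToken)
            && hash_equals($sessionToken, $cookieToken);

        if (!$authenticated) {
            return response(['msg'=>'请重新登录','code' => 701]);
        }

        // NOTE(review): only POST is restricted to administrators. If any
        // PUT/PATCH/DELETE routes sit behind this middleware they are reachable
        // by non-admin users — confirm against the route definitions.
        if ($request->isMethod('post')) {
            $isAdmin = isset($user['root']) && (int) $user['root'] === 1;
            if (!$isAdmin) {
                // NOTE(review): both rejections are sent with the default HTTP
                // status and signal failure only through "code" in the body;
                // logs and proxies keyed on HTTP status will not see them.
                return response(['msg'=>'你不是管理员，无法更改数据','code' => 403]);
            }
        }

        return $next($request);
    }
}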
